The vulnerability endangers thousands of SaaS applications that depend on vm2 to isolate untrusted scripts, creating a direct path for remote code execution. Prompt remediation is essential to avoid data breaches, service outages, and reputational damage across the Node.js ecosystem.
The vm2 library has become a de facto standard for Node.js developers who need to run third-party JavaScript safely. Its appeal lies in a lightweight sandbox built on Node's own vm module: sandboxed code runs in a separate V8 context, and every object crossing the boundary is wrapped in a Proxy so that scripts cannot reach the host's filesystem, process, or module loader. That design makes it attractive for SaaS platforms, online code editors, and AI chatbots, but it also means the only security boundary is JavaScript-level wrapping inside the same process; one object that slips through unwrapped is a full escape. vm2's history reflects this: CVE-2022-36067, CVE-2023-29017, and CVE-2023-30547 were each critical sandbox escapes, and each exposed the difficulty of fully isolating JavaScript without process or isolate separation. The recent CVE-2026-22709 shows that even mature versions can miss subtle edge cases in asynchronous control flow.
At the heart of CVE-2026-22709 is the library's handling of native Promise objects. vm2 sanitizes the callbacks attached to the Promise it exposes to the sandbox, but an async function does not use that global: the language specification has async functions return the realm's intrinsic Promise, regardless of what the sandbox has installed under the name Promise. Handlers registered with then or catch on such a promise therefore bypass the sandbox's validation logic. According to the advisory described here, an attacker can use those callbacks to obtain an unwrapped host object, break out of the isolated context, and execute arbitrary code in the host process. The trigger is a crafted async function and nothing more, which explains both the critical rating and why the class of bug resurfaced despite earlier patches that hardened the explicit Promise path.
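The following example is added here to illustrate the language-level mechanism behind the paragraph above; it is not vm2's code and makes no claim about vm2's internals. `CheckedPromise` is a hypothetical stand-in for a sandbox that tries to see every then/catch handler by replacing the global Promise; the example shows that a promise produced by an `async` function never goes through that wrapper.

```javascript
// Added example (not vm2's code): why replacing globalThis.Promise does not
// intercept promises produced by `async` functions. The spec has async
// functions return the realm's intrinsic Promise, not whatever the global
// binding currently points at.
const HostPromise = Promise;

// Hypothetical stand-in for a sandbox's wrapped Promise: records every
// handler passed to then/catch so a sanitizer could inspect it.
class CheckedPromise extends HostPromise {
  then(onFulfilled, onRejected) {
    if (onFulfilled) CheckedPromise.seenHandlers.push(onFulfilled);
    if (onRejected) CheckedPromise.seenHandlers.push(onRejected);
    return super.then(onFulfilled, onRejected);
  }
}
CheckedPromise.seenHandlers = [];

function demonstrate() {
  const savedPromise = globalThis.Promise;
  globalThis.Promise = CheckedPromise; // what a naive "sandbox" might do
  try {
    // Code that names the global goes through the wrapper...
    const explicit = new Promise((resolve) => resolve(1));
    // ...but an async function returns the intrinsic %Promise% of the realm,
    // so the wrapper never sees it.
    const fromAsync = (async () => 1)();

    const before = CheckedPromise.seenHandlers.length;
    const handler = (v) => v;
    explicit.then(handler);  // recorded by CheckedPromise.then
    fromAsync.then(handler); // goes straight to HostPromise.prototype.then
    const recordedHandlers = CheckedPromise.seenHandlers.length - before;

    return {
      explicitIsChecked: explicit instanceof CheckedPromise,   // true
      asyncIsChecked: fromAsync instanceof CheckedPromise,     // false
      asyncCtorIsHost: fromAsync.constructor === HostPromise,  // true
      recordedHandlers,                                        // 1, not 2
    };
  } finally {
    globalThis.Promise = savedPromise;
  }
}

console.log(JSON.stringify(demonstrate(), null, 2));
```

The takeaway for anyone building or auditing a JavaScript sandbox is that handler validation hooked onto a replaced Promise global is not a complete interception point; the same gap applies to any promise the engine creates itself, such as the result of an async function.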
For businesses, the practical impact is immediate: any service that relies on vm2 to evaluate user-generated scripts, whether a code-learning platform, an automated testing suite, or an AI-driven code assistant, faces a direct remote-code-execution risk. The recommended mitigation is to upgrade to vm2 3.10.3, which patches the Promise sanitization flaw and incorporates additional hardening. Upgrading the direct dependency is not always enough: a transitive dependency can pin its own nested copy of vm2, so audit the full dependency tree (for npm, `npm ls vm2` lists every installed copy, and a package.json `overrides` entry can force a single version), enforce strict version pinning in lockfiles, and treat vm2 as a same-process boundary rather than a hard one. For code that is truly untrusted, consider process- or isolate-level isolation such as containerization, separate V8 isolates, or WebAssembly sandboxes. The episode is a broader reminder that open-source components, especially security-critical ones, require continuous scrutiny and rapid response to emerging threats.
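As an added example of the dependency-tree audit recommended above (not code from the article or the vm2 project), the script below walks an npm `package-lock.json`, finds every installed copy of vm2 including nested transitive copies, and flags versions below 3.10.3, the patched release named in the article. The embedded lockfile is constructed for the example; versions are compared numerically because a plain string comparison would wrongly rank "3.10.x" below "3.9.x".

```javascript
// Added example (not vm2's or the article's code): scan an npm lockfile for
// every installed copy of vm2, nested copies included, and flag releases
// below the patched version named in the article.
const PATCHED_VM2 = '3.10.3';

// Compare dotted version strings numerically (any pre-release tag ignored).
// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return every occurrence of `name` in a package-lock.json object. Handles the
// lockfileVersion 2/3 "packages" map and the older v1 "dependencies" tree.
function findPackage(lock, name) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        found.push({ path, version: meta.version });
      }
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [dep, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${dep}`;
        if (dep === name) found.push({ path, version: meta.version });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return found;
}

// Each installed vm2 copy with a vulnerable flag (true when below PATCHED_VM2).
function auditVm2(lock) {
  return findPackage(lock, 'vm2').map((p) => ({
    ...p,
    vulnerable: compareVersions(p.version, PATCHED_VM2) < 0,
  }));
}

// Constructed sample lockfile (not from a real project): the direct vm2 is
// patched, but a plugin pins its own nested, older copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.10.3' },
    'node_modules/some-plugin': { version: '2.1.0', dependencies: { vm2: '3.9.19' } },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.9.19' },
  },
};

function main() {
  const file = process.argv[2]; // optional path to a real package-lock.json
  const lock = file ? JSON.parse(require('fs').readFileSync(file, 'utf8')) : SAMPLE_LOCK;
  const report = auditVm2(lock);
  for (const r of report) {
    console.log(`${r.vulnerable ? 'VULNERABLE' : 'ok        '} ${r.path} ${r.version}`);
  }
  if (report.length === 0) console.log('no vm2 found');
  // Fail CI only when auditing a real lockfile with a vulnerable copy.
  if (file && report.some((r) => r.vulnerable)) process.exitCode = 1;
}

main();
```

Run it as `node audit-vm2.js path/to/package-lock.json`; with no argument it reports on the constructed sample, where the nested copy under `some-plugin` is the one that would keep a service exposed even after the top-level vm2 is upgraded.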